Multi-phase algorithmic framework to prevent SQL injection attacks using improved machine learning and deep learning to enhance database security in real-time

Ashlam, A. A., Badii, A. and Stahl, F. ORCID: https://orcid.org/0000-0002-4860-0203 (2022) Multi-phase algorithmic framework to prevent SQL injection attacks using improved machine learning and deep learning to enhance database security in real-time. In: 15th International Conference on Security of Information and Networks (SIN), 11 - 13 November 2022, Sousse, Tunisia, https://doi.org/10.1109/SIN56466.2022.9970504. (IEEE Xplore)
It is advisable to refer to the publisher's version if you intend to cite from this work.

To link to this item DOI: 10.1109/SIN56466.2022.9970504

Abstract/Summary

Structured Query Language (SQL) Injection constitutes a most challenging type of cyber-attack on the security of databases. SQLI attacks provide opportunities for malicious actors to exploit the data, particularly client personal data. To counter these attacks, security measures need to be deployed at all layers, namely application layer, network layer, and database layer; otherwise, the database remains vulnerable to attacks at all levels. Research studies have demonstrated that lack of input validation, incorrect use of dynamic SQL, and inconsistent error handling have continued to expose databases to SQLI attacks. The security measures commonly deployed presently, being mostly focused on the network layer only, still leave the program code and the database at risk despite well-established approaches such as web server request filtering, network firewalls and database access control. To overcome this deficiency, a Multi-Phase algorithmic framework is proposed with improved parameterised machine learning and deep learning to enhance database security in real-time at the database layer. The proposed method has been tested within a university and also in one of the branches of a commercial bank. The results show that the proposed method is able to i) prevent SQLi; ii) classify the type of attack during the detection process, and therefore iii) secure the database.